Trust & Security

Looking at the URL below about "App Trust" - it only addresses "cloud" products.  Is there anything similar for Server apps?   Our VRM process is very stringent, so we need to be able ...

Keith Kennedy started a discussion 5 1 April 18, 2022

The end-of-life is fast approaching for Confluence and Jira server products and thus our organisation is looking at switching to the cloud versions. We work closely with the Home Office and in order ...

Ben Woolcock started a discussion 9 4 April 12, 2022

Instructions for Multi-factor Authentication generally tell me that if Google accounts are used to log into Atlassian products, MFA/2FA should not be used in Atlassian user settings, but instead in G...

Milo G started a discussion 4 0 April 11, 2022

We maintain an always-on bug bounty to identify and triage issues in our products and services. Many customers ask us for ‘penetration reports’ or similar - basically a report from a third party that...

Bill Marriott published an article 12 0 April 6, 2022

We use Service Management Datacenter for HIPAA compliant Ticketing.  Atlassian documentation is silent on HIPAA, and with the EOL announcement, we need to address the following or find a new sol...

Jesse Webb started a discussion 4 6 April 6, 2022

Can we trust Atlassian products to be in core of our business processes. We asked this question yourselves a few years ago when we started to use Atlassian products and answer was yes. Yesterday our...

Leonid Danilenko started a discussion 52 4 April 6, 2022

What are Personal Data? As the term indicates, personal data are any information related to an identified or identifiable person. In article 1 (1)(2) of GDPR, the regulation sets rules on protectin...

Andreas Springer _Actonic_ published an article 9 1 April 4, 2022

What is GDPR? The GDPR is an EU law adopted in 2018 to protect the personal data of EU citizens. It ensures that businesses process and secure the personal data (name, address, phone number, or IP ...

Andreas Springer _Actonic_ published an article 9 2 April 1, 2022

A summary of the zero-day Spring4Shell vulnerability is shown here: https://securityboulevard.com/2022/03/spring4shell-zero-day-attack-what-you-need-to-know/  

jy started a discussion 1 2 March 31, 2022

Atlassian’s Trust team now has a completed response for the Higher Education Cloud Vendor Assessment Toolkit (HECVAT) for our Cloud products.   What is HECVAT? The HECVAT is a structured q...

Bill Marriott published an article 8 1 March 31, 2022

Hi team,      As I'm using Jira application, while updating timesheet, having issues with reloading, While updating a timesheet for a task it redirects and showing empty, every time ...

Loganathan started a discussion 1 1 March 31, 2022

Regarding the "spring4shell"  vulnerability  in https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/ . Does anyone know that this vulnerability affect...

James Clarke started a discussion 26 6 March 31, 2022

Hi Seems to be that new threat is out and would it peril Atlassian products server/dc also? https://www.bleepingcomputer.com/news/security/new-spring-java-framework-zero-day-allows-remote-code-exec...

Urmo Luts started a discussion 3 2 March 31, 2022

Today, I find that "spring2shell" volnerabilities in https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/ . Does anyone know that this volnerabilities affect Atlassian products such lik...

Chihara started a discussion 7 8 March 30, 2022

Hi there Trust and Security group members! I’m part of the Data Center marketing team here at Atlassian and wanted to be sure you all knew about our new Data Center community group. Just as this Trus...

Mel Policicchio published an article 5 13 March 28, 2022

On March 22, identity and access management company Okta disclosed the account compromise of a third-party customer support engineer that occurred in January 2022. LAPSUS$ claimed responsibility for ...

Dan Hranj published an article 16 5 March 22, 2022

A customer who is migrating to Cloud is asking for confirmation that Personal Identifiable Information (PII) and user data (e.g. issue titles, summary, attachment filenames, project names, etc.) are ...

Dom Bush started a discussion 3 4 March 22, 2022

We've concerns over anyone being able to set up an API integration. We would like to see information that documents what kind of levels of access there are, if they can be managed (I believe they ca...

Piyush A (STR) started a discussion 1 2 March 16, 2022

What is data anonymization? By definition, data anonymization is information sanitization for privacy protection. It is the process of removing personally identifiable information from data sets ...

Andreas Springer _Actonic_ published an article 5 1 March 10, 2022

When customers entrust you with their personal information, like their credit card numbers, addresses for delivery, names, IP addresses… it is because they trust you to handle and protect their data....

Andreas Springer _Actonic_ published an article 7 2 March 3, 2022

...rofile Opsgenie Security Profile  Statuspage Security Profile Trello Security Profile In true Atlassian spirit, we believe that opening as many channels for our customers t...

pknowlton published an article 7 0 February 28, 2022

GDPR stands for General Data Protection Regulation. It is a privacy and security regulation, and it is considered one of the toughest in the world. GDPR came into effect in May 2018, impacting organi...

Andreas Springer _Actonic_ published an article 5 1 February 24, 2022

ISO/IEC 27001 Certification Update Overview The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a me...

Hema Vadodaria published an article 9 2 February 3, 2022

...psgenie Security Profile  Statuspage Security Profile Trello Security Profile In true Atlassian spirit we believe that opening as many channels for our customers to self serve is a more s...

Bill Marriott published an article 11 0 February 3, 2022

If you'd rather skip straight to the technical details, here's the blog post explaining how it all works. This post is the high-level story of how this technique was found, in which the story makes...

Alex Hope published an article 9 1 January 26, 2022